| author | Romain Gonçalves <me@rgoncalves.se> | 2021-08-16 14:58:34 +0200 | 
|---|---|---|
| committer | Romain Gonçalves <me@rgoncalves.se> | 2021-08-16 14:58:34 +0200 | 
| commit | 0b2fc8a4bb8aa868222e8df1f5d454047e3c1df5 (patch) | |
| tree | 92f7b9e96c15d2d232667748dacc43f77960736c /roles/workstation/tasks | |
| parent | b232b894c3cbe087c8d504e91637dcf62199eed1 (diff) | |
| download | infrastructure-0b2fc8a4bb8aa868222e8df1f5d454047e3c1df5.tar.gz | |
roles/workstation: Monolithic role for workstation
Diffstat (limited to 'roles/workstation/tasks')
| -rw-r--r-- | roles/workstation/tasks/_archlinux.yml | 10 | ||||
| -rw-r--r-- | roles/workstation/tasks/main.yml | 13 | ||||
| -rw-r--r-- | roles/workstation/tasks/pkgs.yml | 7 | ||||
| -rw-r--r-- | roles/workstation/tasks/sysconf.yml | 43 | 
4 files changed, 73 insertions, 0 deletions
|
diff --git a/roles/workstation/tasks/_archlinux.yml b/roles/workstation/tasks/_archlinux.yml
new file mode 100644
index 0000000..329372c
--- /dev/null
+++ b/roles/workstation/tasks/_archlinux.yml
@@ -0,0 +1,10 @@
+- name: append current user to system groups
+  user:
+    name: "{{ ws_user }}"
+    groups: "{{ item }}"
+    append: true
+  loop:
+    - docker
+    - wheel
+    - video
+    - audio
diff --git a/roles/workstation/tasks/main.yml b/roles/workstation/tasks/main.yml
new file mode 100644
index 0000000..e7c08b9
--- /dev/null
+++ b/roles/workstation/tasks/main.yml
@@ -0,0 +1,13 @@
+- name: verify running as root
+  fail:
+    msg: playbook must be run as root
+  when: ansible_user_id != "root"
+
+
+- name: include packages
+  include_tasks: pkgs.yml
+  tags: pkgs
+
+- name: include sysconf
+  include_tasks: sysconf.yml
+  tags: sysconf
diff --git a/roles/workstation/tasks/pkgs.yml b/roles/workstation/tasks/pkgs.yml
new file mode 100644
index 0000000..8c2354e
--- /dev/null
+++ b/roles/workstation/tasks/pkgs.yml
@@ -0,0 +1,7 @@
+- name: install distribution packages
+  package:
+    name: "{{ item }}"
+    state: present
+  loop: 
+    - "{{ ws_pkgs['common'] }}"
+    - "{{ ws_pkgs[ansible_distribution | lower] }}"
diff --git a/roles/workstation/tasks/sysconf.yml b/roles/workstation/tasks/sysconf.yml
new file mode 100644
index 0000000..c8c5ffd
--- /dev/null
+++ b/roles/workstation/tasks/sysconf.yml
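Review bot: In roles/workstation/tasks/_archlinux.yml, the `docker` entry in the loop gives `{{ ws_user }}` root-equivalent access through the Docker daemon socket with no password prompt, which sidesteps the password-gated `permit persist` doas rule that sysconf.yml writes for the same user. Consider dropping `docker` from the default list or gating it behind a variable, and at minimum add a comment such as `# docker group membership is passwordless root via the daemon socket`. The task will presumably also fail if a listed group does not exist yet (whether the docker package is installed first is not visible here). The four groups can be passed in one call as `groups: [docker, wheel, video, audio]` instead of looping.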
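Review bot: In roles/workstation/tasks/main.yml, the `verify running as root` guard carries no tag, so it is skipped whenever the role is run with `--tags pkgs` or `--tags sysconf`; add `tags: always` to that task so tag filtering cannot bypass the check. Separately, tags set on `include_tasks` apply to the include statement only and are not inherited by the tasks inside pkgs.yml and sysconf.yml, so a tagged run would load those files and then skip their untagged tasks. Either switch to `import_tasks` or pass the tag down through the `apply` option of `include_tasks`.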
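Review bot: In roles/workstation/tasks/pkgs.yml, the second loop item indexes `ws_pkgs[ansible_distribution | lower]` directly, so on a distribution with no entry in `ws_pkgs` (defined outside this diff) the task aborts with an undefined-variable error instead of installing only the common set. A fallback such as `"{{ ws_pkgs[ansible_distribution | lower] | default([]) }}"` keeps the role usable there. A short comment noting that each loop item is expected to be a list of package names would help, and the `loop:` line has trailing whitespace that yamllint will flag.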
@@ -0,0 +1,43 @@
+- name: include operating system sensible task
+  include_tasks: "_{{ ansible_distribution | lower }}.yml"
+  tags: sysconf
+
+- name: generate doas configuration
+  lineinfile:
+    path: /etc/doas.conf
+    regexp: "^permit persist keepenv {{ ws_user }} as root"
+    line: "permit persist keepenv {{ ws_user }} as root"
+    create: true
+    mode: "0644"
+    owner: 0
+    group: 0
+
+- name: allow reboot/shutdown/hibernate with doas
+  lineinfile:
+    path: /etc/doas.conf
+    regexp: "^permit nopass {{ ws_user }} as root cmd {{ item }}"
+    line: "permit nopass {{ ws_user }} as root cmd {{ item }}"
+  loop:
+    - zzz
+    - ZZZ
+    - reboot
+    - shutdown
+
+- name: start and enable pcscd service
+  service:
+    name: pcscd
+    state: started
+    enabled: true
+
+- name: check sudo binary path
+  shell: which sudo
+  register: result
+  failed_when: false
+
+- name: uninstall sudo binary
+  package:
+    name: sudo
+    state: absent
+  when: result.rc == 0
+  register: sudo
+  ignore_errors: true
|
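Review bot: Neither `lineinfile` task on /etc/doas.conf validates the result, yet the last task in this file removes sudo, so a malformed doas.conf (for example from an unexpected `ws_user` value) could leave the workstation with no working privilege escalation. Add `validate: doas -C %s` to both tasks, assuming doas is already installed when they run, so a file that fails to parse is never put in place. The `nopass` rules name their commands without a path (`cmd reboot`, `cmd zzz`), while doas.conf(5) advises absolute paths for `cmd`; the loop items should be full paths for the target distribution. On the sudo removal, `ignore_errors: true` hides a failed uninstall and `register: sudo` is never read. The `which sudo` probe can be dropped because `state: absent` is already idempotent.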